Jaeho Shin ROPAS Show & Tell

Slides:

Advertisements

Similar presentations

Types and Programming Languages Lecture 7 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Advertisements

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

R O O T S Field-Sensitive Points-to-Analysis Eda GÜNGÖR

Computer Science CPSC 322 Lecture 25 Top Down Proof Procedure (Ch 5.2.2)

Static Single Assignment (SSA) Form Jaeho Shin :00 ROPAS Weekly Show & Tell.

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.

Approximation Algorithms Chapter 14: Rounding Applied to Set Cover.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

Timed Automata.

UNIT-III By Mr. M. V. Nikum (B.E.I.T). Programming Language Lexical and Syntactic features of a programming Language are specified by its grammar Language:-

Compiler Principle and Technology Prof. Dongming LU Mar. 28th, 2014.

Lecture 01 - Introduction Eran Yahav 1. 2 Who? Eran Yahav Taub 734 Tel: Monday 13:30-14:30

1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

1 8. Safe Query Languages Safe program – its semantics can be at least partially computed on any valid database input. Safety is tied to program verification,

Costas Busch - RPI1 Grammars. Costas Busch - RPI2 Grammars Grammars express languages Example: the English language.

White Box Testing and Symbolic Execution Written by Michael Beder.

Courtesy Costas Busch - RPI

Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space html://

Abstract Interpretation Part I Mooly Sagiv Textbook: Chapter 4.

1 Program Analysis Mooly Sagiv Tel Aviv University Textbook: Principles of Program Analysis.

PSUCS322 HM 1 Languages and Compiler Design II Formal Semantics Material provided by Prof. Jingke Li Stolen with pride and modified by Herb Mayer PSU Spring.

1 Reverse of a Regular Language. 2 Theorem: The reverse of a regular language is a regular language Proof idea: Construct NFA that accepts : invert the.

1 Systematic Domain Design Some Remarks. 2 Best (Conservative) interpretation abstract representation Set of states concretization Abstract semantics.

Compiler Construction

Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.

Chapter 5: Sequences, Mathematical Induction and Recursion

Prof. Busch - LSU1 Linear Grammars Grammars with at most one variable at the right side of a production Examples:

Why Function Optimization ?

Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.

Fall 2003Costas Busch - RPI1 Linear Grammars Grammars with at most one variable at the right side of a production Examples:

1 Combinatorial Algorithms Local Search. A local search algorithm starts with an arbitrary feasible solution to the problem, and then check if some small,

Data Structures and Algorithms Dr. Tehseen Zia Assistant Professor Dept. Computer Science and IT University of Sargodha Lecture 1.

CS404 Design and Analysis of Algorithms BBy DDr. M V S Peri Sastry BB.E, PhD(BITS-Pilani)

CSE 425: Syntax I Syntax and Semantics Syntax gives the structure of statements in a language –Allowed ordering, nesting, repetition, omission of symbols.

System To Generate Test Data: The Analysis Program Syed Nabeel.

Compiler Construction CPCS302 Dr. Manal Abdulaziz.

JavaScript Introduction and Background. 2 Web languages Three formal languages HTML JavaScript CSS Three different tasks Document description Client-side.

1 Iterative Program Analysis Abstract Interpretation Mooly Sagiv Tel Aviv University Textbook:

Operational Semantics Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.

Costas Busch - LSU1 Linear Grammars Grammars with at most one variable at the right side of a production Examples:

1 Compiler Construction Vana Doufexi office CS dept.

June 13, 2016 Prof. Abdelaziz Khamis 1 Chapter 2 Scanning – Part 2.

1 Linear Grammars Grammars with at most one variable at the right side of a production Examples:

Functional Programming

Efficient Evaluation of XQuery over Streaming Data

Further with Hoare Logic Sections 6.12, 6.10, 6.13

Textbook: Principles of Program Analysis

Time Complexity Costas Busch - LSU.

Corky Cartwright January 18, 2017

Growth-rate analysis of programs: the quest for decidability

Compiler Lecture 1 CS510.

Two issues in lexical analysis

CS416 Compiler Design lec00-outline September 19, 2018

Review: NFA Definition NFA is non-deterministic in what sense?

Fundamentals of Functional Programming Languages

Arithmetic Constraints and Automata

Symbolic Implementation of the Best Transformer

Other Models of Computation

Iterative Program Analysis Abstract Interpretation

Objective of This Course

The Curve Merger (Dvir & Widgerson, 2008)

Computational Complexity

Abstract Interpretation

A Unified Framework for Schedule and Storage Optimization

CS416 Compiler Design lec00-outline February 23, 2019

Abstract Interpretation

Compiler Construction

Pointer analysis John Rollinson & Kaiyuan Li

Faculty of Computer Science and Information System

Presentation transcript:

Jaeho Shin <netj@ropas.snu.ac.kr> 2004-11-01 ROPAS Show & Tell Set-Based Analysis Jaeho Shin <netj@ropas.snu.ac.kr> 2004-11-01 ROPAS Show & Tell

Overview Treating program variables as sets of values is simple and intuitive. requires no abstract domain (if no further approximation is used). Ignore dependencies between different variables. different occurrences of the same variables. domain and codomain of functions. Set-based analysis (especially in [He1994]) makes no a priori requirement for sets be finitely presentable. represents an upper-bound on the accuracy of systems that ignore dependencies between variables.

Inter-Variable Dependencies {u  1, v  2} {u  3, v  4} {x  1, ran(f)  [1,1]} {dom(g)  1, ran(g)  2} {x  2, ran(f)  [2,2]} {dom(g)  2, ran(g)  3}

Ignoring Inter-Variable Dependencies { u  {1, 3}, v  {2, 4} } { x  {1, 2}, ran(f)  {[1,1],[1,2],[2,1],[2,2]} } { dom(g)  {1, 2}, ran(g)  {2, 3} }

Target Language ML-like, Simple call-by-value functional language

Operational Semantics

Set-Based Operational Semantics Approximates execution by collapsing all environments into one single set environment.

Set-Based Approximation Local safety conditions for safe approximation The set-based semantics defined here is non-deterministic, and it may lead to an unsound approximation. Set-based approximation of term e0 is the set of values derived from the safe and minimal set environment Emin.

Algorithm for Computing sba(e0) Representation of values To forget the environment part of closures The algorithm in [He1994] computes the representation of sba(e0), Basically two steps: Construct set constraints from given term. Simplify the constructed set constraints.

Set Constraint Set Variable Set Expression

Constructing Constraints

Meaning of Constraints Interpretation I from set expressions to sets of set constraint values

Correspondence of C with sba(e0) Interpretation I is a model of the conjunction of constraints C if, for each constraint X ⊇ se, I(se) is defined and I(X) ⊇ I(se). By giving order between I I1 ⊇ I2 if I1(X) ⊇ I2(X) for all X there is a least model lm(C) of C. It can be proved that if e0 B (X, C) and Ilm = lm(C), then Ilm(X) = ||sba(e0)||.

Simplifying Constraints

Remarks on the Algorithm The simplification algorithm outputs explicit form of C. Explicit form contains only constraints with atomic expressions, where atomic expression is an abstraction or a constant with all subparts atomic. Explicit form represents a regular grammar for possible values. Time complexity is O(n3). Construction of constraints is linear in the size of e0 . At most O(n2) new constraints can be added by the simplification. Determining what other new constraints need to be added, when adding each new constraint, can be bounded by O(n). Space complexity is O(n2). Also computes the least set environment safe w.r.t. e0.

Application: Finding Links in Web Pages Goal Find all possible links (URL’s) from a given web page which is written in HTML and JavaScript. Observation URL’s in HTML can be found trivially. For JavaScript, strings assigned to variables named *.href or *.src are the URL’s. Solution Transform given web page into an intermediate representation. Construct set constraints from the intermediate program. Simplify constraints. Gather all strings that may be assigned to variables named *.href or *.src.

Finding Links in Web Pages: Transforming HTML + JavaScript

Finding Links in Web Pages: Intermediate Language

Finding Links in Web Pages: Set Constraints

Finding Links in Web Pages: Constructing Constraints 1/2

Finding Links in Web Pages: Constructing Constraints 2/2

Finding Links in Web Pages: Simplifying Constraints

Finding Links in Web Pages: Concretizing Values 1/2

Finding Links in Web Pages: Concretizing Values 2/2

Finding Links in Web Pages: Future Works Demand-driven analysis To analyze only the variables named *.href or *.src Using the idea in [ChYi2002] Increase precision Process undeclared global variables and nested functions. Distinguish different occurrences of same variables. Handle arithmetic more sophisticatedly. Consider using regular expressions instead of strings with *’s for final concrete output.

References [He1994] Nevin Heintze, “Set-Based Analysis for ML Programs”, In Proceedings of the SIGPLAN Conference on Lisp and Functional Programming, 1994. [ChYi2002] Woongshik Choi and Kwang Yi, “Demand-driven Set-Based Analysis”, Tech. Memo. ROPAS-2002-18, Research On Program Analysis System, Korea Advanced Institute of Science and Technology, October 2002. http://ropas.kaist.ac.kr/memo.